[tor-bugs] #1938 [Tor Client]: UpdateBridgesFromAuthority dangerous

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Sep 14 00:04:52 UTC 2010


#1938: UpdateBridgesFromAuthority dangerous
------------------------+---------------------------------------------------
 Reporter:  arma        |       Owner:     
     Type:  task        |      Status:  new
 Priority:  major       |   Milestone:     
Component:  Tor Client  |     Version:     
 Keywords:              |      Parent:     
------------------------+---------------------------------------------------
 Now that we've fixed #1138, it might be tempting to start distributing
 identity fingerprints along with our bridge addresses again, so clients
 can try the bridge authority for the descriptor.

 In retrospect, though, the plan of "first go to the centralized place that
 is easily associated with being a Tor bridge user, then if it's
 unreachable go directly to the bridge for its descriptor" is unwise.

 In practice we should go to our bridges directly for their descriptor, and
 if we learn no descriptors, fail closed. Then, for the bridges that we've
 configured but didn't get a descriptor for, we can ask the bridge
 authority *via Tor* if it happens to know a newer descriptor for them.

 We'll have an opportunity to make things more robust once we get going on
 #1852.

 In the mean time, we should continue to avoid putting fingerprints on
 bridge addresses. (I believe Vidalia still sets UpdateBridgesFromAuthority
 for you when you configure a bridge.)

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1938>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list